Add server side API key option

[Nikola-Milovic]

Currently to use plausible (self-host) you need to create a user and an API key. Ideally, it would be really nice to specify an api key on startup/ inject it into plausible container, and then we'd be able to authenticate via this api key with our other services. It would make the process much more streamlined. Basically have a server only API key, since I don't really need users.

The title is incorrectly worded, it should be less assertive.

This would probably break the architecture of the project since its probably made do work around users and their api keys, might be possible to just create a default admin user?

I'd make this myself and hack it, but I don't think the user creation api is exposed

[ruslandoga]

👋 @Nikola-Milovic

Although not ideal, there is already a way to do something like this with database seeds.

Example (for CI): https://github.com/ruslandoga/plausible-seeds-ci

In docker-compose setup you'd need to write the seed script to insert the API key, mount it into the container and run the script on startup:

plausible:
  # note the new "/entrypoint.sh db seed"
  command: sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh db seed && /entrypoint.sh run"
  volumes:
    - ./seeds.exs:/app/lib/plausible-0.0.1/priv/repo/seeds.exs

[Nikola-Milovic]

Good enough for me! Thanks

[ruslandoga]

The seed script can be something like this

alias Plausible.Repo
alias Plausible.Auth.{User, Password, ApiKey}

# api keys belong to users
# this user would need to be added to sites
api_key_owner =
  Repo.insert!(%User{
    name: "api_key_owner",
    email: "api_key_owner@your_org.com",
    password_hash: Password.hash("swordfish"),
    email_verified: true
  })

%ApiKey{user_id: api_key_owner.id}
# see https://github.com/plausible/analytics/blob/master/lib/plausible/auth/api_key.ex for more options
|> ApiKey.changeset(%{
  name: "bootstrapped api key",
  hourly_request_limit: 600,
  scopes: ["stats:read:*"],
  # should be secret
  key: "EeX606e30MJ6WCG4g01wVcwju1lrM_PkR6rwRbhOHAqgPDHtdjF8vumuxzSvvgV8"
})
|> Repo.insert!